Merge pull request #194 from r4um/validate-state

Validate state param while redirecting.
This commit is contained in:
Jehiah Czebotar 2016-01-19 10:21:32 -05:00
commit d5a332c3f2

View File

@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
}
redirect := req.Form.Get("state")
if redirect == "" {
if !strings.HasPrefix(redirect, "/") {
redirect = "/"
}